From the course: Microsoft 365: Implement Security and Threat Management

Monitor ATP incidents

- [Presenter] Monitor ATP incidents. Azure Advanced Threat Protection, or ATP, monitors information generated from your organization's Active Directory, network activities, and event activities to detect suspicious activities. The monitored activity information enables Azure ATP to help you determine the validity of each potential threat and correctly triage and respond. The following categories of activities are monitored by ATA and ATP: user account AD attribute changes, AD security principal operations, domain controller-based user operations, login operations, and then machine account changes and updates. Azure ATA security alerts are divided into the following categories or phases, like the phases seen in a typical attack kill chain: reconnaissance alerts, compromised credentials alerts, lateral movement alerts, domain dominance alerts, and then exfiltration alerts. The ATA reports section in the console enables you to…
